U.S. Patent Application Serial No. 08/309,336,
filed on September 19, 1994 by David Mathew Pepe, Lisa
B. Blitzer, James Joseph Brockman, William Cruz, Dwight
Omar Hakim, Michael Kramer, Dawn Diane Petr, Josefa
Ramaroson, Gerardo Ramirez, Yang-Wei Wang, and Robert G

The present invention relates to an improved
interface between private computers or private computer
networks and the World Wide Web (WWW) using both
wireline and wireless connections. More specifically,
the invention relates to an improved WWW interface with
protocol translation, security and automatic configuring



Description of the Related Art

For fifty years, people have dreamed of a universal
information database - data that would not only be
accessible to people around the world, but organized
such that related information is easily discovered and
so that the most relevant data for a particular need is
quickly found and accessed by a user.

In the 1960's, this idea was explored further,
giving rise to visions of a "docuverse" that would
revolutionize all aspects of human-information
interaction, particularly in the educational field.
Only recently has the technology started to fulfill
these visions, making it possible to implement them on a
global scale.

The Internet has evolved through a cooperative
effort by universities, corporations and government.
Years ago, the Defense Department started
interconnecting the computer networks at universities,
private organizations and sometimes corporations with
whom research was being conducted. This network of
networks has, over time, evolved into a global network
commonly referred to as the Internet or the World Wide
Web (WWW). The official description for the WWW is a
"wide-area hypermedia information retrieval initiative
aiming to give universal access to a large universe of
documents."

As the WWW became more popular and subject to wider
public use, the Department of Defense curtailed its
involvement. Today, many government-funded links on the
Internet have been turned over to commercial enterprises
that maintain the interconnection of Local Area Networks
(LANs) between universities, companies, etc.

Though the WWW is proving to be an extremely
valuable resource for corporate enterprises (for
communicating via electronic mail (e-mail), accessing
information on-line, etc.), corporations are concerned
about the security of their intellectual property, trade
secrets, financial records and other confidential
information stored on their computer networks. There is
also concern about electronic vandalism - unauthorized
access of a computer network over the WWW for the
purpose of destroying or distorting computerized
information.

In response to these concerns, some connections to
the WWW have been protected with "Network Security
Firewalls." As shown in Fig. 1, a firewall is commonly
a specific piece of hardware and/or software bridging

network (LAN) 10 and the WWW 12. The main purpose

firewall is to screen data traffic into and out of the
network that is to be protected. If a network
is detected, the firewall has the capability of sifting
through the data traffic and disabling the intruder's
In early forms of Internet firewalls, it was
difficult to ascertain which data traffic was
good or bad, i.e., relating to a corporate user or an
intruder. This created a problem for corporate users
(inside the corporate LAN) of Internet applications,
such as File Transfer Protocol (FTP), because their
applications would sometimes get incorrectly blocked by
the firewall. The firewalls needed more intelligence
about application data traversing a firewall so that
desirable traffic was not hindered.

Internet engineers designed "proxy" services on
Internet firewalls to meet this need. These proxies are

applications like an FTP application. It became a
straightforward matter for network administrators to add
multiple proxies to the firewall system based on the
type of applications the internal corporate users wanted
to execute. For example, WWW browsers (described below)
would use a Hyper Text Transport Protocol (HTTP) proxy
to transfer Hyper Text Markup Language (HTML) documents.

To facilitate use of the WWW, "browsing" software S



and Mosaic™ browsers, allow WWW users to browse
information available on computers linked to the WWW. A
related invention by the assignee, described in U.S.
Patent Application Serial No. 08/309,336 (hereinafter
"the '336 application"), provides users on computer
networks with a consistent means to access a variety of
media in a simplified fashion. Making use of browsing
software, the invention of the '336 application has
changed the way people view and create information - it
has created the first true global hypermedia network.

One responsibility of an HTTP proxy is to receive
requests from browsers or software applications 6 within
the protected network 10 and relay those requests to the
WWW 12. The proxy also monitors access to the protected
computer or network 10 from the WWW 12. Thus, the proxy
4 can allow a system administrator to monitor
information and requests flowing between the protected
network 10 and the WWW 12. If illicit activity is
discovered, the proxy 4 can interrupt the connection to
the WWW 12. This proxy-driven firewall 2, 4 allows
corporations and those with similar concerns to make use
of the valuable resources of the WWW 12 while
maintaining a degree of security.

To effect links between computers and software
applications across the WWW, protocols have been
developed to govern the transmission of computerized
data. A protocol organises data to be transmitted over
the WWW in a standard way recognizable by the receiving
computer. There are seven layers in the open systems
interconnection (OSI) model of a computer protocol.
Each layer adds additional organizational capabilities
that facilitate the transmission of data.

Internet Protocol (IP) is the third layer in the
OSI model and the basic "language" that is spoken on the
Internet. The fourth layer, Transmission Control
Protocol (TCP), is a more specialized protocol contained
in IP. To use the WWW, a computer must be able to
communicate using a protocol that incorporates IP and,
consequently, TCP.

The WWW and technologies surrounding Internet
access have seen explosive growth. Many companies have
evolved to allow subscribers access to the WWW using
standard telephony. A group called Internet Service
Providers (ISP) represents many of these service



A promising area for further expansion of Internet
access is wide-area wireless data networks. The
wireless networks include cellular digital packet data
(CDPD, provided by cellular carriers), circuit-switched
cellular networks, such as the Mobitex™ network
(provided by RAM Mobile Data in the U.S.), the Ardis™
network, and a host of emerging national wireless data
providers.

All of the listed data network providers offer
traditional Internet Protocol (IP) service and are
capable of integrating with the WWW. The data speeds
range from 4,800 to 28,800 bps and have latencies that
range from milliseconds to 10 seconds.

Despite the popularity of the WWW, there are still
technical and security issues that must be overcome in
accessing the Internet. Some of these problems are
particularly acute for wireless systems trying to access
the WWW.

The first problem is caused by data latency
(described in more detail below). Data latency refers
to the time delays created by multiple hops and slow
links as data travels across various nodes within the
WWW. This particular problem is exacerbated when the
WWW is accessed using a wireless modem. Most wide area
wireless, and some wireline, data networks were not
originally designed to support the TCP/IP protocol.
Latencies are increased even further by encapsulating IP
data into the networks' original data protocols.

When TCP is organising data for transmission over
the WWW, it breaks the data into discrete "packets" of
information. TCP then transmits the individual packets.
Each packet includes instructions to the receiving
system for reassembling the packets into the complete
data structure being transmitted. Each packet also
includes a cyclic redundancy check that allows the
receiving system to check that the packet was not
corrupted or broken up during transmission.

TCP is typically configured to transmit a number of
packets and then wait for a confirmation from the
receiving system that the packets have been received
properly. The amount of time required to transmit a
data packet and receive confirmation of its arrival is
known as the "latency" of the system.

If TCP does not receive confirmation that the data
packet was properly received, it will assume

packet was lost during transmission and re-transmit
packet. If the latency of the system gets too high, TCP
will assume, prematurely, that the packet was lost and
flood the network with re-transmissions of the same data
packets before the original packets reach their
destination. This is also a problem because many

transmitted. If TCP is flooding the system with
unnecessary duplicates of packets still in transmission,
the cost to the user will be greatly increased. Thus,
TCP cannot operate properly over a connection with a
high latency. If the latency of the system exceeds
approximately 3 to 5 seconds, TCP will begin to
malfunction.

When the WWW is accessed over standard phone lines
that do not support TCP, the TCP datagram must be
encapsulated (i.e., translated) into a form that can be
sent over the telephone line. The datagram is then
unpacked and used by the receiving computer. While this
approach works, it adds to the latency of the



A further problem with accessing the WWW using a
wireless modem is the increased latencies that are
introduced by the wireless network. A general trend is
the wider the area served by a wireless data network,
the lower the bandwidth (in bps) of the transmission.
For example, present wireless communication systems in
use in the United States are capable of transmitting
4,800 bits of data per second. This results in
latencies up to as much as 10 seconds.

Related art on wireless WWW access exists at:
1. Carnegie Mellon University's Information Networking
   Institute, Wireless Andrew Initiative.
2. Rutgers University's Winlab, Dataman project.
3. University of Washington's CS&E, Mobisaic.
4. Xerox's Palo Alto Research Center, PDA and virtual
   office computing concepts.
5. Computer Networks & ISDN Systems Volume 0028,
   Number 1-2 ISSN:0169-7552, Dec '95, "PDAs as Mobile
   WWW Browsers", Gessler S., Kotulla A.
6. General Magic's, Magicap OS version of a WWW browser
   with enhancements for Telescript agent technology.

All of these projects and papers either require the
modification of a browser, specification of new
protocols (still based on TCP), or defining generic
inter-networking specifications for connecting wireless
and low-bandwidth networks to the Internet for WWW


Thus, there is a need for a method of translating
TCP in connections over high-latency wireless and
wireline networks.



A second problem is that current WWW access
software does not provide standard mechanisms for
compression, encryption, or filtering. Compression
entails decreasing the size of transmissions of data
over the network without changing the content of the
information. Most proposals for compression support
require external utilities from the browser to
decompress the data, and then return usable output to
the browser through the use of Multipurpose Internet
Mail Extension (MIME, Nathaniel Borenstein et al., RFC
1521) types.

Encryption is the coding of data transmissions.
Encryption helps to provide security since encrypted
data transmissions are much more difficult for an
unauthorized party to intercept and access.
Unfortunately, it is unlikely that generic, open
standards for these desirable services could be created
to support all WWW client requests. Standards are
evolving for encryption in WWW software (i.e., Secure
Socket Layer (SSL)). However, at current levels of
computer hacking, it is unlikely that any open standard
for encryption will be able to maintain integrity for
long.

Most advanced browsing technologies, therefore,
have installed proprietary encryption schemes and are
only capable of working between a WWW server that
supports the encryption scheme. This option goes
against the open standards design of the WWW.

Filtering refers to global control of a WWW
response based on data size, type, or some other

a user can customize the rece
of data. Work is being done in this area through WWW
search engines, specialized caching utilities on
advanced browsers, etc.

The filtering referred to here is a global safety
net for unwary users that could potentially misuse a
wireless/low-bandwidth data network by requesting too
much data, retrieving spurious information, or some
other unwanted side effect resulting from a WWW request.
For example, a user may request a data object from the
WWW that a user is not aware is extremely large, and
perhaps costly, to transmit. As a safety net, the user
may configure a filter to automatically prevent a
particular request from being executed.

Thus, there is a need for an implementation of
compression, encryption and filtering features in a WWW
interface.



A third problem exists in that there is no standard
way for WWW access software to receive asynchronous or
unsolicited updates from the network. Existing browser
technology is client based. The most popular browsers,
such as the Netscape™, Mosaic™, Lynx™ browsers, as well
as other popular browsers, require users to
initiate some form of request before response data will





For example, it is desirable for a company
providing access to the WWW to be able to remotely
configure a subscriber's WWW access system from within
the network. Since regular browsers do not offer this
feature, subscribers must configure and update their
access software manually. This may require the support
of the service provider through a traditional voice
customer support line or custom agent software on the
user's host system (refer to "ISG: Integrated Services
Gateway", Bellcore TM-24856, for a more complete
description of the problem).

Thus, there is a need for a WWW interface that can
receive and implement unsolicited transmissions from the

automatically configure software for accessing the

It is thus an object of the present invention to
meet the above-described needs and others. It is an
object of the present invention to provide a method and
system for interfacing with the WWW that supports TCP/IP
in a high-latency environment, provides compression,
encryption and filtering services and accepts and
implements unsolicited messages from the WWW or the



Additional objects, advantages and novel features
of the invention will be set forth in the description
that follows, and will become apparent to those skilled
in the art upon reading this description or practicing
the invention. The objects and advantages of the
invention may be realised and attained by the appended
claims.

To achieve the foregoing and other objects and in
accordance with the purpose of the present invention, as
embodied and broadly described herein, the system and
method of the present invention may utilize a host
computer having a browser and a local proxy in a first
location, a remote proxy in a second location in
communication with the local proxy through a
low-bandwidth network, means for initiating a query on the
browser and sending the query to the local proxy using
an application layer protocol, means for converting the
application layer protocol of the query into a transport
protocol suitable for transmission over the
low-bandwidth network, means for transmitting the query over
the low-bandwidth network from the local proxy to the
remote proxy, and means for converting the transport
protocol into an application layer protocol suitable for
execution of the query on the computer network.

It is also preferred that the system and method of
the present invention include means for communicating
the query to a network server, executing the query, and
returning a data object to the remote proxy, means for
converting the data object into a transport protocol
suitable for transmission over the low-bandwidth
network, means for transmitting the data object over the
low-bandwidth network from the remote proxy to the local
proxy, means for converting the transport protocol of
the data object into an application layer protocol at
the local proxy, and means for communicating the data
object into the browser using the application layer
protocol.

It is also preferred that the system and method of
the present invention include means for creating a query
script having settings for compression, filtering, and
encryption, means for encapsulating the query script for
transmission over the low-bandwidth network from the
local proxy to the remote proxy, means for compressing,
filtering, and encrypting the data object according to
the settings in the query script, and means for placing
the data object in a reply script for transmission over
the low-bandwidth network from the remote proxy to the
local proxy.

In a further aspect of the present invention, in
accordance with its objects and purposes, the system of
the present invention may also comprise a system for
communicating with a computer network, comprising a host
computer having a browser for a user interface, a local
proxy means for communicating with the browser using an
application layer protocol, the local proxy means having
means for converting the application layer protocol into
a transport protocol, and a remote proxy means for
communicating with the local proxy means using the
transport protocol. The remote proxy means includes
means for converting the transport protocol into the
application layer protocol, and means for communicating
with the computer network using the application layer



The present invention will become more clearly
appreciated as the disclosure of the present invention
is made with reference to the accompanying drawings.



Fig. 1 is a block diagram showing the related
firewall interface between a private computer network
and the WWW.

Fig. 2 is a block diagram showing the split proxy
interface of the present invention.

Fig. 3 is a schematic diagram of the protocol
translation performed by the local proxy interface of
the present invention.

Fig. 4 is a schematic diagram of the protocol
translation performed by the remote proxy interface of
the present invention.

Fig. 5 is a flow showing the implementation
of the proxy interface the present invention.



DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Reference will now be made in detail to a preferred
embodiment of the invention, an example of which is
illustrated in the accompanying drawings.

The creation of the WWW is a computing revolution
which also offers a potential catalyst for wireless data
networks to become a direct participant in exploding
Internet popularity. The present invention provides a
method and system for interfacing a private computer or
private computer network with the WWW which provides
support for TCP/IP in a high-latency environment;
compression, encryption, and filtering services; and the
receipt and implementation of unsolicited messages
transmitted by the service provider. The present
invention also allows a Laptop or Personal Digital
Assistant (PDA) direct access to the WWW from a mobile
(wireless) terminal.

For example, the interface to the WWW of the
present invention may be implemented by modifying a
proxy, Fig. 1, element 4, to perform the required
functions. The modified proxy would become a system of
split proxies (sometimes referred to as Agent
technology, as described in U.S. Application Serial No.
08/309,336) that could be implemented on a firewall, or
can be an application running in the background on an
individual computer, even a laptop, that can access the
WWW via a wireless or wireline network.

Referring to Figure 2, the interface of the present
invention is a modified split proxy. A split proxy
comprises a local proxy 56 and a remote proxy 66, which
are software modules that enable translation and
restoration of WWW requests.

A user operating a mobile terminal 52 is using a
web browser 54 which communicates with the WWW using
TCP/IP. The local proxy 56 is a software package that
runs in the background on the user terminal 52. Where
high latency is a problem, the local proxy 56, according
to the principles of the present invention, will
translate data requests/transmissions between the TCP/IP
protocol used by the browser and a protocol robust
enough to carry data across the communication network to






In the illustrated embodiment of Figure 2, the user
is accessing the WWW through a wireless network. For
example, a wireless modem 58 uses a low-bandwidth
optimized protocol, such as AirBoss™ Wireless Transport
Protocol, to communicate with base station 60. Thus,
the local proxy 56 translates the low-bandwidth
optimized protocol to TCP/IP.

The local proxy's encapsulated request script (see
Fig. 5 - General Browser Usage Flow), is transmitted
through a wireless network 62 to the remote proxy 66.
The remote proxy 66 makes the necessary protocol
translations between TCP/IP and the low-bandwidth

Protocol, to connect the user to the WWW 68.

The present invention provides several methods by
which standard web browsers that support proxy services
can be adapted for wireless and low-bandwidth web
browsing. The present invention will be explained by
describing three sets of methods, which relate to the
first, second, and third problems described above.



WO 97/35402 PCT/US96/03909

The first problem to be overcome is the
transmission of data using TCP/IP over networks that
experience high latency, for example, more than
approximately 3 to 5 seconds. The method and system
used to solve Problem 1 involve protocol translation.
Protocol translation refers to encapsulating TCP
application requests that have a single request/response
pair (i.e., HTTP, SMTP, Gopher, and WAIS) into a
suitable connection-oriented protocol robust enough to
function in the high latencies encountered over
communication networks, particularly wireless and other
low-bandwidth networks, that transmit the data.

The protocol translation is achieved by the split
proxy. The local proxy is started on the host where a
user also initiates a standard web browser. The web
browser is configured, either by the user or the local
proxy, to communicate with the local proxy. The latter
configuration option is preferred because it hides
reasonably sophisticated proxy configuration issues from
the user. However, the proxy must know which browser is
being used.

Once the local proxy and web browser are launched
and configured correctly, the browser then funnels all
WWW requests through the local proxy. The local proxy
then takes the browser's WWW request and converts it
into an appropriate low-bandwidth optimised protocol for
the network being used (e.g., AirBoss™ Wireless
Transport Protocol, based on UDP/IP).

The remote proxy is capable of receiving the
converted script form from the local proxy and
completing the operation on behalf of the original
request made by the browser. Once the data is received
at the remote proxy from the converted request, the data
is encrypted, compressed, filtered based on the original
script, and/or encapsulated into an optimized protocol
and sent back to the local proxy (these services will be
described in more detail in Methods 2 & 3 described
below). The local proxy receives the encapsulated
response, unpackages it, and returns the final response
to the browser.

Referring to Figure 3, the example of a request for
WWW data will be described. The web browser 54 outputs
a request which is couched in the advanced OSI protocol
layers or application layer protocols 70 which comprises
TCP/IP. The request is transmitted to the local proxy
56 which translates the request into a low-bandwidth
optimized protocol 12, such as AirBoss™ Wireless
Transport Protocol, which is based on UDP/IP. The
encapsulated request is then submitted via the network
access device 58 (e.g., modem) to the low-bandwidth
network.

Referring to Figure 4, the request traverses the
low-bandwidth network to arrive at the generic service
node 74. The encapsulated request is then submitted to
the remote proxy 66 which translates the encapsulated
request from the low-bandwidth optimized protocol (e.g.,
AirBoss™ Transport Protocol) to the application layer
protocols originally created by the web browser, and
submits the browser's request to the Internet.

Regarding the communication between the remote and
local proxies, multi-threading is important.
Multi-threading refers to a programming/operating system
paradigm that allows applications to appear to do
several operations at the same time. During development
of the present invention, it was discovered that the
split proxy should be capable of multi-threading
request/response pairs. Since most WWW browsers support
multi-threaded client request/responses, the split proxy
should do the same to facilitate seamless integration
into the WWW access regime.

Implementing multi-threading in the split proxy of
the present invention requires a transaction system
between the local and remote proxies to match the
internal scripts that encapsulate a request with the
response scripts destined for a browser. The precise
transaction system implemented between the proxies is
not important, and it will be obvious to one of ordinary
skill in the art how such a transaction system may be
structured based on the disclosure of the present
invention. The protocol and transaction mechanism
described in Method Sets 1 and 2 is based on the
Personal Communications Internetwork (PCI) system
described in the '336 application.

The more sophisticated the transaction system, the
better the system and method of the present invention
becomes for enabling end-users to browse the WWW over
low-bandwidth networks. The following methods of the
present invention are based on this discovery.

A benefit of supporting multi-threaded
request/response pairs is that multiple browsers can be
supported on a host by a single local proxy.

Method

As the WWW developed and the existing protocols
were layered on top of each other to meet the data
transmission needs of users, web browsers were created
to make use of the existing protocols. In current WWW
access software, the need for data security and
compactness was largely overlooked. As a result, web
browsers using TCP/IP do not provide for encryption,
compression or filtering of data for transmission.

The main consortium for the WWW, W3C, has
considered standards for securing transmission of data
over the WWW. However, the problem with such web-wide
standards is that, once they are announced, hackers
begin to work their way through the protocol
specification to find ways of defeating the security



Accordingly, it is an object of the present
invention that the proxy software include compression,
encryption, and filtering tools in a proprietary regime
that still makes use of all of the open nature of the
WWW. Thus, the transaction system between the remote
and local proxies, including compression and encryption
algorithms, may be a proprietary system devised by a

A filtering tool can also be implemented by the
split proxy. Filtering, in the context of the present
invention, refers to a global control on the
low-bandwidth network. For example, when browsers submit a
request for information, they generally do not know how
much information is going to be retrieved. According to
the principles of the present invention, the local proxy
receives filtering configuration instructions from the
user which are then transmitted to and implemented by
the remote proxy. The remote proxy can then perform
such functions as examining the response to a user's
data request and stopping unduly large data objects, for
example, from overwhelming the user's system.

In general, encryption and compression algorithms
are better placed in between the local proxy and the
remote proxy as opposed to placing such capabilities in
a new web browser. As noted, such algorithms can then
be protected in a proprietary regime. One of ordinary
skill in the art could easily design encryption and
compression algorithms based on well-known principles
for any service provider desiring a unique set of
algorithms.

On the other hand, despite their vulnerability,
open, widely known standards for such algorithms, such
as have been considered by the W3C, have advantages,
such as, for example, interoperability.
Interoperability allows different producers of proxies
to make remote and local proxies that function together.
This also allows manufacturers of different computer
platforms to bridge their platforms with others.

A script to implement compression, encryption and
filtering, whether proprietary or open, should include
fields to do at least the following:

A. Support encryption. For example, MD5 cipher
a

B. Support multiple types of compression
(compression choice should be based on the type of data
contained in the script). For example, LZW compression
algorithms can be used on textual data.

C. Support at least negative filters or positive
filters. For example, one or more of the following
filtering algorithms can be used:

Negative filters - A response script should
not include any binary data or a response
script should not be greater than this size.

Positive Filters - A response should include
all lines of text with "wireless" in it.

If at any point along the path between the remote
and local proxies there is some failure, particularly in
the wireless environment, the transaction system between
the local and remote proxies must be able to respond
appropriately. For example, if the script cannot be
submitted to the wireless network, or the script fails
to get to the remote proxy, or the remote proxy is
incapable of getting access to the Internet, the
transaction system must respond appropriately.

MflttT^ Sat 3 

The final problem arises because WWW access
software, the web browser, was originally designed to
act as a client. Client software on its own generally
is not capable of receiving asynchronous or unsolicited
updates from the network. This is a problem if a
service provider would like to provide subscribers with
access software and then to remotely (from within the
network) manage the configuration of that software for
the user. This feature of the present invention
provides a way for large service providers to offer WWW
access that is scalable to the needs of the customer.
As noted, the web browsers currently in use are not
designed to receive and implement such updates. The
service provider may instead distribute new updated
software. If the user is operating on a large scale,
implementing an update may even require a service
technician dispatched to reinstall the software,
reconfigure the software, and troubleshoot it.
Alternatively, the customer may have to call a customer
support line and wait for verbal instructions to support
installation of the update.

According to the principles of the present
invention, a simpler and more efficient solution is
provided by a service provider using the split proxy
interface. Using the encryption and security protocols
designed for the service provider's system, the service
provider can access the user's WWW access software on
the user's own system and immediately install, configure
or update that software. This method may also
incorporate messages to the user to indicate the action
taken by the service provider.

The solution of the present invention is to
configure the local proxy to be capable of
asynchronous/unsolicited receipt of scripts that are
designed to modify an end user's host system for things
like software updates, configuration changes, or new
service advertisements. Ideally, the local proxy should
be running constantly in the background of the user's
system to receive and implement such communications,
even if the web browsing software is not running.

Since the local proxy is not part of the browser
and should always be running to receive these
asynchronous network uploads, the present invention was
designed to be small and modular to limit the amount of
system resources. This feature protects against
unwanted interaction with other installed software
(i.e., memory allocation, IP port assignment, etc.).



35 Erfit! 



Referring to Fig. 5 of the drawings, a flow diagram
of the present invention will be described. The flow
diagram of Fig. 5 has a series of entities listed at the
top corresponding to the main components of the present
invention, including the web browser 54, the local proxy
56, the remote proxy 66, and the external web server of
the WWW 68. The flow diagram illustrates the
interaction of these components during the startup
process, the general browser usage process, and the
service update process, respectively.

The web browser 54 and the local proxy 56 are
designed to run co-resident on the same host computer or
user terminal 52. The remote proxy 66 and the external
web server, however, do not necessarily need to be
co-resident. The remote proxy 66 must only be able to
access and communicate with the external web server.

The arrows in Fig. 5 represent communication or
transfer of data from one entity to another. The arrow
heads specify the direction in which the action is
directed. The lines from top to bottom represent the
timeline and the sequence with which the process steps



The first flow shown in Fig. 5 is the start-up
flow. This is basically how the system is activated on
the end user's host computer. It is assumed that the
remote proxy and external web server are already
running in all of these flow descriptions (those systems
can be maintained and started by a system administrator
with no interaction from the end user's point of view).
The first action that occurs is that the end user starts
the local proxy. That simply means launching an
application that starts up and runs in the background of
a multi-threaded operating system. The operating system
can be, for example, the Windows Version 3.1 operating



After the local proxy is started, the local proxy
has two responsibilities. If the browser type is
specified on the user's host computer, the local proxy
should configure and start the browser. Some browsers
must be configured before they are launched, while other
browsers must be launched first and then configured.
This is dependent on which browser type is being used.
The browser can be any conventional browser type that



If the browser type is not known, the end user will
have to launch and configure the browser manually for
the local proxy. In this case, the end user must know
enough information about the web browser that he is
using to be able to manually configure it for proxy



The second flow shown on Fig. 5 is a general
browser usage flow. This flow shows the process steps
of the present invention after the browser has been
started and configured. The end user first submits a
standard web request. That basically means the user
points and clicks on a hyperlink or opens up a dialog
box and enters what is typically called a universal
resource locator (URL). For example, this is how the
Internet community identifies and accesses data objects
on the WWW.

The next step in the flow for the general browser
usage is that the query launched from the browser is
submitted to the local proxy. The local proxy creates a
query script, and places settings in that script
defining the type of compression to be used on the data
object or the types of compressions that are available.
The local proxy also places settings in the script for
the filters and the encryption type to be applied to
that data object. The settings provide security and
also give the user control of the information that will
be returned in response to the query.

After that script is created, it is delivered to
the remote proxy. The remote proxy parses the query
script and extracts the packaged query that was
originally submitted by the browser. The remote proxy
then executes the query in a standard web data object


The external web server, after receiving the query,
returns the appropriate data object associated with the
query. No other special enhancements are needed at
that point. That is just a traditional client to server
request on the computer network that can use any
appropriate WWW protocols. For example, hypertext
transfer protocol, file transport protocol, simple mail
transport protocol, or post office protocol can be used.

After the data object has been returned to the
remote proxy, the remote proxy applies the compression,
filters, and encryption that were specified in the
original query script. Those include the actions to be
run on the data object to put the data object into the
correct form for delivery to the local proxy. The
compression, filters, and encryption are formulated into
a reply script.

After the actions are completed and delivered to

script with the request script. Once the reply script
is matched with the request script, it will know the
appropriate browser and place to deliver that
information to the browser. The local proxy then parses
through the reply script and extracts the internal data
object. Thus, two things need to happen with the reply
script in the local proxy. The reply script must be
matched with the request, and the local proxy must
extract the data object out and deliver it to the
appropriate place in the operating system so that the
browser can display the object in its viewer.
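
The general browser usage flow above, as a sketch added here (it is not code from the patent): the local proxy builds a query script carrying filter and compression settings, the remote proxy applies them to the returned data object, and the local proxy matches the reply script to its request. The dictionary layout, field names and class names are assumptions; zlib stands in for the LZW compression the text mentions, and encryption is left out.

```python
import itertools
import zlib

_ids = itertools.count(1)  # script ids; an assumed way to pair replies with requests


def make_query_script(url, compression=("zlib",), max_size=None,
                      allow_binary=True, keep_lines_with=None):
    """Local proxy: package the browser's query with the user's settings."""
    return {"id": next(_ids), "query": url, "compression": list(compression),
            "filters": {"max_size": max_size, "allow_binary": allow_binary,
                        "keep_lines_with": keep_lines_with}}


def looks_binary(data):
    """Treat a NUL byte or invalid UTF-8 as binary data."""
    if b"\x00" in data:
        return True
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return True
    return False


def build_reply_script(query_script, data_object):
    """Remote proxy: filter, then compress, what the web server returned."""
    f = query_script["filters"]
    reply = {"id": query_script["id"], "status": "ok",
             "compression": "none", "body": b""}
    # Negative filters: drop the whole object.
    if not f["allow_binary"] and looks_binary(data_object):
        reply["status"] = "rejected: binary data"
        return reply
    if f["max_size"] is not None and len(data_object) > f["max_size"]:
        reply["status"] = "rejected: larger than %d bytes" % f["max_size"]
        return reply
    # Positive filter: keep only the lines that contain the requested text.
    if f["keep_lines_with"] is not None:
        needle = f["keep_lines_with"].encode()
        lines = data_object.split(b"\n")
        data_object = b"\n".join(ln for ln in lines if needle in ln)
    if "zlib" in query_script["compression"]:
        reply["compression"] = "zlib"
        data_object = zlib.compress(data_object, 9)
    reply["body"] = data_object
    return reply


class LocalProxy:
    def __init__(self):
        self.pending = {}  # script id -> query script still awaiting a reply

    def submit(self, url, **settings):
        script = make_query_script(url, **settings)
        self.pending[script["id"]] = script
        return script

    def deliver(self, reply):
        """Match a reply script to its request and unpack the data object."""
        script = self.pending.pop(reply["id"], None)
        if script is None:
            raise KeyError("reply %r matches no outstanding query" % reply["id"])
        if reply["status"] != "ok":
            return script["query"], None, reply["status"]
        body = reply["body"]
        if reply["compression"] == "zlib":
            # Enforce the size limit locally too, so a reply that expands
            # past it is dropped without trusting the remote proxy.
            limit = script["filters"]["max_size"]
            body = zlib.decompressobj().decompress(
                body, 0 if limit is None else limit + 1)
            if limit is not None and len(body) > limit:
                return script["query"], None, "rejected: expands past size limit"
        return script["query"], body, "ok"
```

A reply whose id matches no outstanding query raises KeyError, so unsolicited reply scripts are never handed to the browser.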

The third flow shown in Fig. 5 is a service update
or a service script flow. This is a situation where a
network administrator that is interested in implementing
updated services would be able to remotely from within
the network configure an end user's host system. The
remote proxy creates a service script. For example, if
a new HTML home page to be delivered and configured
on the end user's remote system, a service script would
to write an
HTML file into the distribution. The service script
would contain the HTML page as the data object and once
the script is completed in an appropriate form, it would
be delivered to the local proxy.

The local proxy has a responsibility of parsing
through the service script, pulling out both the action
and any associated data objects with that action, and
completing the requested action. So, to finish the
example, the local proxy would parse through to find out
what action was requested (writing a new HTML home
page), extract the data object (a new HTML home page),
and then write the data object to the local file
distribution. The arrow indicates that it is sometimes
appropriate to display information into the browser.
Sometimes that is not going to be possible, and the
local proxy will display dialog boxes or other user
interface notification of appropriate actions. The
browsers that are capable of receiving asynchronous
updates can be notified at that point, and the local
proxy will initiate that action and send any appropriate
user interface controls to the browser to display to the
user the actions that have just been executed on the
local host system.
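
A sketch of the service script handling described above, added here and not taken from the patent. The script format, the `write_file` action name, and the HMAC-SHA256 tag under a key shared with the service provider are assumptions standing in for the provider's unspecified security protocols; the local proxy authenticates the script, allows only known actions, and confines writes to its own file distribution.

```python
import base64
import hashlib
import hmac
import json
import os

ALLOWED_ACTIONS = {"write_file"}  # hypothetical action name


def make_service_script(key, action, target, data_object):
    """Remote proxy: package an action and its data object, then tag it."""
    body = json.dumps({"action": action, "target": target,
                       "data": base64.b64encode(data_object).decode()},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return tag.encode() + b"\n" + body


def handle_service_script(key, script, dist_dir):
    """Local proxy: authenticate, parse, and carry out the requested action.

    Returns the notification text to show the user. Raises ValueError for
    any script that must not be executed.
    """
    tag, sep, body = script.partition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not sep or not hmac.compare_digest(tag, expected):
        raise ValueError("service script failed authentication")
    msg = json.loads(body)
    if msg["action"] not in ALLOWED_ACTIONS:
        raise ValueError("action not permitted: %r" % msg["action"])
    # Confine writes to the proxy's own file distribution: resolve the
    # target and reject anything that lands outside dist_dir.
    root = os.path.realpath(dist_dir)
    dest = os.path.realpath(os.path.join(root, msg["target"]))
    if dest == root or os.path.commonpath([root, dest]) != root:
        raise ValueError("target escapes the file distribution")
    data = base64.b64decode(msg["data"])
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    with open(dest, "wb") as fh:
        fh.write(data)
    return "Service update applied: wrote %d bytes to %s" % (
        len(data), msg["target"])
```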

The interface between a user and the WWW provided
by the present invention provides protocol translation,
compression, encryption, filtering and automatic service
updates that results in a much improved connection to
this extremely valuable resource. Regarding
compression, there could be a direct savings to an end
user for demanding the proxy services of the present
invention in a wireless networking environment. Most
wireless network providers have per packet charges or
flat rates for bulk usage (e.g., fixed rate for up to 1
MB of data). A direct savings could be realized when
data on that link is compressed. Empirical measurements
show that standard HTML data can be regularly compressed
to 50-60% of the original payload, including script
overhead. This means a customer can retrieve twice as
much WWW data for the same price.

The present invention provides a way for a network
administrator to directly manage a customer's host
configuration, foregoing less reliable technical support
lines to troubleshoot problems or requiring the customer
to learn sophisticated settings for software. Also, new
service deployment is automated by the present
invention.

The technology embodied in the present invention is
most suitable for use by ISPs, manufacturers of PDAs and
laptops, Wireless Network Providers, Wireless System
Integrators, and Telephony providers wishing to become
ISPs. The technology can also be integrated with other
product lines to enhance projects that have strong ties
to the WWW and have mobility components.

It will be appreciated that the present invention
is not limited to the exact construction or process
steps that have been described above and illustrated in
the accompanying drawings, and that various
modifications and changes can be made without departing
from the scope and spirit thereof. It is intended that
the scope and spirit of the invention only be limited by

WHAT IS CLAIMED:

1. A method for communicating with a computer
network, comprising:

placing a host computer having a browser and a
local proxy in a first location;

placing a remote proxy in a second location in
communication with said local proxy through a
low-bandwidth network;

initiating a query on said browser and sending
query to said local proxy using an application layer

converting said application layer protocol
query into a transport protocol suitable for
transmission over said low-bandwidth network;

transmitting said query over said low-bandwidth
network from said local proxy to said remote proxy;

application layer protocol suitable for executing said
query on said computer network.

2. The method according to claim 1, further
comprising said steps of communicating said query to a
network server, executing said query, and returning a
data object to said remote proxy.

3. The method according to claim 2, further
comprising said steps of:

converting said data object into a transport
protocol suitable for transmission over said
low-bandwidth network;

transmitting said data object over said
low-bandwidth network from said remote proxy to said local

converting said transport protocol of said data
object into an application layer protocol at said local
proxy; and








WO 97/35402 

communicating said data object into said browser
using said application layer protocol.



4. The method according to claim 1, further
comprising said steps of:

starting said local proxy on

configuring and starting said browser using said



5. The method according to claim 1, wherein said
step of converting said application layer protocol of
said query further comprises said steps of:

creating a query script having settings for
compression, filters, and encryption; and

encapsulating said query script for transmission
over said low-bandwidth network from said local proxy to
said remote proxy.

6. The method according to claim 5, wherein said
step of converting said application layer protocol of
said data object further comprises said steps of:

compressing, filtering, and encrypting said data
object according to said settings in said query script;
and

placing said data object in a reply script for
transmission over said low-bandwidth network from said
remote proxy to said local proxy.

7. The method according to claim 6, further
comprising said steps of:

matching said reply script with said query script
upon receiving said reply script in said local proxy;

delivering said reply script to said browser;

unpackaging said data object from said reply
script; and

displaying said data object in a viewer of said
browser.

8. The method according to claim 1, further
comprising said steps of:

creating a service script at said remote proxy;

transmitting said service script from said remote
proxy to said local proxy;

parsing said service script and extracting a
requested action and data object from said service
script; and

executing a service action at said local proxy.

9. The method according to claim 1, wherein said
computer network is the World Wide Web.

10. A system for communicating with a computer
network, comprising:

a host computer having a browser and a local proxy
in a first location;

a remote proxy in a second location in
communication with said local proxy through a
low-bandwidth network;

means for initiating a query on said browser and
sending said query to said local proxy using an

means for converting said application layer
protocol of said query into a transport protocol
suitable for transmission over said low-bandwidth
network;

means for transmitting said query over said
low-bandwidth network from said local proxy to said remote

means for converting said transport protocol into
an application layer protocol suitable for execution of
said query on said computer network.

11. The system according to claim 10, further
comprising means for communicating said query to a
network server,
said query, and returning a
data object to said remote proxy.

12. The system according to claim 11, further
comprising:

means for converting said data object into a
transmission over said low-bandwidth network;

means for data object over said
low-bandwidth network from said remote proxy to said

means for converting said transport protocol of
said data object into an application layer protocol
said local proxy; and

means for communicating said data object into said
browser using said application layer protocol.



13. The system according to claim 10, further
comprising:

means for starting said local proxy on said host

means for configuring and starting said browser
using said local proxy.



14. The system according to claim 10, wherein
means for converting said application layer protocol of
said query further comprises:

means for creating a query script having settings
for compression, filters, and encryption; and

means for encapsulating said query script for
transmission over said low-bandwidth network from said
local proxy to said remote proxy.



The system according to claim 14, wherein said
means for converting said application layer protocol of
said data object further comprises:

means for compressing, filtering, and encrypting
said data object according to said settings in said
query script; and

means for placing said data object in a reply
script for transmission over said low-bandwidth network
said remote proxy to said local proxy.



16. The system according to claim 15, further

means for matching script with said
script upon receiving reply script in said

means for delivering said reply script to said

means for unpackaging said data object from said
reply script; and

means for displaying said data object in a viewer
of said browser.

17. The system according to claim 10, further

means for creating a
proxy;

means for transmitting said service script from
said remote proxy to said

means for parsing said
extracting a requested action and data object from said
service script; and

means for executing a



18. The system according to claim 10, wherein said
low-bandwidth network comprises a wireless network.

19. The system according to claim 10, wherein said
computer network comprises the World Wide Web.

20. A system for communicating with a computer
network, comprising:

a host computer having a browser for a user

a local proxy means for communicating with said
browser using an application layer protocol, said local
proxy means having means for converting said application
layer protocol into a transport protocol;

a remote proxy means for communicating with said
local proxy means using said transport protocol, said
remote proxy means having means for converting said
transport protocol into said application layer protocol,
said remote proxy means having means for communicating
with said computer network using said application layer



21. The system according to claim 20, wherein said
local proxy and said remote proxy communicate through a
low-bandwidth network.

22. The system according to claim 20, wherein said
local proxy and said remote proxy communicate through a
wireless network.



23. A secured computer network interface

a public computer network;

a local proxy connecting said protected
computer or computer network and a communication
network; and

a remote proxy connecting said communication
network and said public computer network;

wherein said proxies are provided with at
least one encryption algorithm for encrypting data

24. A secured computer network interface as
claimed in claim 23, further comprising a service
provider who owns or maintains the connection between
said communication network and said public computer
network; wherein said at least one encryption algorithm
is known to said service provider such that said service
provider can access said protected computer or computer
network.



25. A secured computer network interface as
claimed in claim 24, wherein said service provider
accesses said protected computer or computer network for
the purpose of updating or configuring software on said
protected computer or computer network.

26. A method for securing a computer network
interface comprising the steps of:

providing a computer or computer network to be

connecting said protected computer or computer
network and a communication network with a local proxy;

connecting said communication network and a
public computer network with a remote proxy; and

providing said proxies with at least one
encryption algorithm for encrypting data transmissions.



27. A method for securing a
interface as claimed in claim 26, further comprising the
steps of:

managing said connection between said
communication network and said public computer network;

providing said at least one encryption
algorithm to a service provider who manages said
connection between said communication network and said
public computer network.

28. A secured computer network interface as
claimed in claim 27, further comprising the step of
accessing said protected computer or computer network
using said at least one encryption algorithm so that
said service provider can update or configure software
on said protected computer or computer network.

29. A filtered computer network interface

a protected computer or computer network;

a public computer network;

a local proxy connecting said protected
computer or computer network and a communication
network; and

a remote proxy connecting said communication
network and said public computer network;

wherein said remote proxy filters data
transmissions from said public computer network to
protected computer or computer network.



30. A method for filtering data through a computer
network interface comprising the steps

network;

network and a communication network with a local proxy;

connecting said communication network and a
public computer network with a remote proxy; and

filtering data transmissions from said public
computer network to said protected computer or computer
network with said remote proxy.

31. A computer network interface for compressing
data, comprising:

a subscriber computer or computer network;

a public computer network;

a local proxy connecting said subscriber
computer or computer network and a communication
network; and

a remote proxy connecting said communication
network and said public computer network;

wherein said proxies compress data
transmissions between said public computer network and
said subscriber computer or computer network.

32. A method for compressing data using a computer
network interface comprising the steps of:

providing a subscriber computer or computer
network;

connecting said subscriber computer or
computer network and a communication network with a
local proxy;

connecting said communication network and a
public computer network with a remote proxy; and

compressing data transmissions between said
public computer network and said subscriber computer or
computer network with said proxies.